Vulnerabilities > Kotti Project > Kotti > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-09 | CVE-2018-9856 | Cross-Site Request Forgery (CSRF) vulnerability in Kotti Project Kotti Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request. | 6.8 |